<?php
	
require '../include/user_login.inc.php';
require '../include/paging.inc.php';

	
	
	
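	// Request handler for the profile-settings page: checks that a user is
	// signed in, validates a submitted form, updates the users row for the
	// session's user and then renders the page header and menu.
	//
	// NOTE(review): the POST below changes the account e-mail and password
	// without an anti-CSRF token and without asking for the current password.
	// Neither can be added from this file alone (no token helper is visible
	// here), so treat both as open items for this endpoint.

	// Only signed-in users may continue. redirect() is defined elsewhere; the
	// explicit exit makes sure nothing below runs for an anonymous request.
	if (!isset($_SESSION['ACCESS_SID']) || $_SESSION['ACCESS_SID'] < 1) {
		redirect(HTML_BASE.$_SESSION["lang"].'/login/');
		exit;
	}

	$user_id = $_SESSION['USER_SID'];
	// Escaped once here for use inside the quoted SQL literals below.
	$user_id_sql = escape($user_id);

	// The Referer header is optional and client-controlled; default to ''.
	$redirect = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

	// Normalise every form field to a string so later code (and the template
	// below, which reads $_POST directly) never sees a missing key or an array.
	foreach (array('is_submitted', 'email', 'fullname', 'phone', 'entity', 'password', 'repassword', 'redirect') as $settings_field) {
		if (!isset($_POST[$settings_field]) || !is_string($_POST[$settings_field])) {
			$_POST[$settings_field] = '';
		}
	}
	unset($settings_field);

	if (!isset($error_message)) {
		$error_message = '';
	}

	if ($_POST['is_submitted']) {
		$error_message = '';
		$redirect = $_POST['redirect'];

		// Validate the raw address. It is SQL-escaped exactly once, where the
		// statements are built, instead of being rewritten inside $_POST and
		// then escaped a second time.
		if (!$_POST['email']) {
			$error_message .= 'Не е въведен E-mail адрес<br/>';
		} elseif (checkEmail($_POST['email']) == 0) {
			$error_message .= "Невалиден E-mail адрес<br/>";
		}

		if ($_POST['password']) {
			if (!$_POST['repassword']) {
				$error_message .= 'Повторете паролата<br/>';
			}
			// Compare the two raw strings with a strict operator: the loose !=
			// treats numeric-looking strings such as "0e1" and "0e2" as equal,
			// and comparing a raw value with an SQL-escaped one rejected every
			// password that contains a quote.
			if ($_POST['password'] !== $_POST['repassword']) {
				$error_message .= 'Въведените пароли не съвпадат<br/>';
			}
		}

		if (!$error_message) {
			$email_sql = escape($_POST['email']);

			// Is the address already used by a different account?
			$sql = "SELECT
						*
					   FROM
						 users
					   WHERE
						 email = '".$email_sql."'
						 AND user_id != '".$user_id_sql."'
					";
			$result = query($sql);
			if ($row = mysql_fetch_object($result)) {
				$error_message = 'Вече има потребител регистриран с този e-mail!';
			} else {
				$sql = "UPDATE users SET
						 email = '".$email_sql."',
						 full_name = '".escape($_POST['fullname'])."',
						 phone = '".escape($_POST['phone'])."',
						 entity = '".escape($_POST['entity'])."'
					  ";
				if ($_POST['password']) {
					// NOTE(review): unsalted MD5 is not a password hash. The
					// expression is kept byte-for-byte because the login code
					// (not visible here) has to produce the same digest; move
					// both sides to password_hash()/password_verify() together.
					$sql .= ",
						 h_password = '".md5(escape($_POST['password']))."' ";
				}
				$sql .= " WHERE
					   user_id = '".$user_id_sql."'
					   ";
				query($sql);
				$_SESSION['message'] ="Промините са запазени";

				// The target comes from a hidden form field (or the Referer),
				// so follow it only when it stays inside this application;
				// anything else falls back to the settings page itself.
				// Assumes HTML_BASE ends with "/" as its use above suggests.
				$redirect_is_local = HTML_BASE !== ''
					&& $redirect !== ''
					&& strpos($redirect, HTML_BASE) === 0
					&& !preg_match('#^/[/\\\\]#', $redirect)
					&& !preg_match('/[\x00-\x1f]/', $redirect);
				if (!$redirect_is_local) {
					$redirect = HTML_BASE.$_SESSION["lang"].'/user-setings/';
				}

				redirect($redirect);
				exit;
			}
		}
	}

	head('Setings');
	if ($_SESSION['ACCESS_SID'] == 1) menu_user();
	if ($_SESSION['ACCESS_SID'] == 2) menu_law();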

?>

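<div id="content">

		<?php
		// Flash message written by the request handler. It is printed as-is,
		// so it must only ever hold text produced by server code.
		if (!empty($_SESSION['message'])) { ?>
			<div class="message green">
				<?=$_SESSION['message']?>
			</div>
			<?php unset($_SESSION['message']); } ?>


	<h3>Редактиране на потребителски профил</h3>
    <br />
	<br />

			<?php
			// Load the stored profile of the signed-in user.
			$sql = "SELECT 
						email,
						full_name,
						phone,
						entity
					FROM
						users
					WHERE
						user_id ='".escape($user_id)."'
					
					";
			$result_use = query($sql);
			$row_use = $result_use ? mysql_fetch_object($result_use) : false;

			// A missing row yields empty fields instead of property reads on false.
			$email = $row_use ? $row_use->email : '';
			$fullname = $row_use ? $row_use->full_name : '';
			$phone = $row_use ? $row_use->phone : '';
			$entity = $row_use ? $row_use->entity : '';

			// After a failed submission show what the user typed, not the stored row.
			if (!empty($_POST['is_submitted'])) {
				$fullname = isset($_POST['fullname']) ? $_POST['fullname'] : '';
				$email = isset($_POST['email']) ? $_POST['email'] : '';
				$phone = isset($_POST['phone']) ? $_POST['phone'] : '';
				$entity = isset($_POST['entity']) ? $_POST['entity'] : '';
			}

			// Everything below lands inside an HTML attribute. The values come
			// from the request, the Referer header or the database, so each one
			// is HTML-escaped here; SQL escaping does not neutralise markup.
			$html_charset = 'UTF-8'; // assumes the page is served as UTF-8 — TODO confirm
			$form_values = array(
				'user_id' => $user_id,
				'redirect' => isset($redirect) ? $redirect : '',
				'email' => $email,
				'fullname' => $fullname,
				'phone' => $phone,
				'entity' => $entity,
				// NOTE(review): the submitted passwords are written back into
				// the response, as before; consider rendering these two empty.
				'password' => isset($_POST['password']) ? $_POST['password'] : '',
				'repassword' => isset($_POST['repassword']) ? $_POST['repassword'] : '',
			);
			$form_html = array();
			foreach ($form_values as $form_name => $form_value) {
				// Non-scalar input (e.g. email[]=x) is rendered as an empty field.
				$form_html[$form_name] = is_scalar($form_value)
					? htmlspecialchars((string) $form_value, ENT_QUOTES, $html_charset)
					: '';
			}
			unset($form_name, $form_value);
			?>

            <form action="<?=HTML_BASE.$_SESSION["lang"]?>/user-setings/" method="post" enctype="multipart/form-data">
            <input type="hidden" name="is_submitted" value="1" />
			 <input type="hidden" name="user_id" value="<?=$form_html['user_id']?>" /> 
              <input type="hidden" name="redirect" value="<?=$form_html['redirect']?>" />
              <input type="hidden" name="act" value="edit" />
			<dl class="clearfix" >
			
			<?php
			// $error_message is assembled from fixed strings with <br/> separators,
			// so it is printed as markup on purpose.
			if (!empty($error_message)) { ?>
			<div class="red" style="padding:10px;">
				<?=$error_message?>
			</div><br /><br />
			<?php } ?>
			<table style="margin:auto;" width="70%" border="0" cellspacing="0" cellpadding="0">
            <tr>
                <td>
            <label for="email" class="required">E-mail</label><br />
			<input class="inputbox" name="email" type="text" value="<?=$form_html['email']?>" >
           		</td>
                <td>
            <label for="email" class="required">Име и фамилия</label><br />

           <input class="inputbox" name="fullname" type="text" value="<?=$form_html['fullname']?>" >
           		</td>
          </tr>
          
          <tr>
                 <td><label for="entity" class="required"><?=__entity_NAME?></label><br>
            <input class="inputbox" name="entity" type="text" value="<?=$form_html['entity']?>" >
                 </td>
               
                <td><label for="phone" class="required"><?=__PHONE?></label><br>
            <input class="inputbox" name="phone" type="text" value="<?=$form_html['phone']?>" ><br>
            </td>
               
          </tr>
          
          
           <tr>
                <td>
           <label for="password" class="required">Нова парола</label><br />

            <input class="inputbox" name="password" type="password" value="<?=$form_html['password']?>" >
            </td>
            <td>
<label for="password" class="required">Повтори парола</label><br />
<input class="inputbox" name="repassword" type="password" value="<?=$form_html['repassword']?>" >
            </td>
            </tr>
            
            <tr>
                <td>
           
            </td>
            <td><br />

<input class="button" type="submit" name="submit" id="submit" value="<?=__SAFE_BTN?>">
            </td>
            </tr>
            </table>
			
            
            
		</form>
			
			
   </div>
    

<?php
// Shared page footer, defined in one of the includes.
foot();
?>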